VYPR

Vendor CVEs

SonicWall

All CVEs

245 total · sorted by risk
  • CVE-2016-9682CriFeb 22, 2017
    risk 0.69cvss 9.8epss 0.23

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out…

  • CVE-2016-9683CriFeb 22, 2017
    risk 0.68cvss 9.8epss 0.12

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for…

  • CVE-2016-9684CriFeb 22, 2017
    risk 0.67cvss 9.8epss 0.07

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL…

  • CVE-2016-2396CriFeb 17, 2016
    risk 0.65cvss 9.9epss 0.05

    The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.

  • CVE-2024-40765CriJan 9, 2025
    risk 0.64cvss 9.8epss 0.01

    An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

  • CVE-2024-40762CriJan 9, 2025
    risk 0.64cvss 9.8epss 0.01

    Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

  • CVE-2024-6387HigJul 1, 2024
    risk 0.64cvss 8.1epss 1.00

    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time…

  • CVE-2016-2397CriFeb 17, 2016
    risk 0.64cvss 9.8epss 0.06

    The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.

  • CVE-2024-3596CriJul 9, 2024
    risk 0.60cvss 9.0epss 0.15

    RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

  • CVE-2024-12802CriJan 9, 2025
    risk 0.59cvss 9.1epss 0.00

    SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each…

  • CVE-2024-22397HigMar 14, 2024
    risk 0.54cvss 8.3epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.

  • CVE-2026-0204HigApr 29, 2026
    risk 0.52cvss 8.0epss 0.00

    A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

  • CVE-2024-53706HigJan 9, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.

  • CVE-2024-45316HigOct 11, 2024
    risk 0.51cvss 7.8epss 0.00

    The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege…

  • CVE-2025-32818HigApr 23, 2025
    risk 0.49cvss 7.5epss 0.01

    A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

  • CVE-2024-53705HigJan 9, 2025
    risk 0.49cvss 7.5epss 0.01

    A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.

  • CVE-2024-45317HigOct 11, 2024
    risk 0.49cvss 7.5epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address.

  • CVE-2024-29011HigMay 1, 2024
    risk 0.49cvss 7.5epss 0.01

    Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions.

  • CVE-2026-4116HigApr 9, 2026
    risk 0.47cvss 7.2epss 0.00

    Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.

  • CVE-2026-4113HigApr 9, 2026
    risk 0.47cvss 7.2epss 0.00

    An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.

  • CVE-2026-4112HigApr 9, 2026
    risk 0.47cvss 7.2epss 0.01

    Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.

  • CVE-2025-40595HigMay 14, 2025
    risk 0.47cvss 7.2epss 0.00

    A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

  • CVE-2025-23010HigApr 10, 2025
    risk 0.47cvss 7.2epss 0.00

    An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths.

  • CVE-2025-23009HigApr 10, 2025
    risk 0.47cvss 7.2epss 0.00

    A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.

  • CVE-2025-23008HigApr 10, 2025
    risk 0.47cvss 7.2epss 0.00

    An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations.

  • CVE-2024-12805HigJan 9, 2025
    risk 0.47cvss 7.2epss 0.01

    A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

  • CVE-2024-12803HigJan 9, 2025
    risk 0.47cvss 7.2epss 0.01

    A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

  • CVE-2024-29010HigMay 1, 2024
    risk 0.46cvss 7.1epss 0.01

    The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions.

  • CVE-2026-0205MedApr 29, 2026
    risk 0.44cvss 6.8epss 0.00

    A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.

  • CVE-2018-3639MedMay 22, 2018
    risk 0.44cvss 5.5epss 0.61

    Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis,…

  • CVE-2026-4114MedApr 9, 2026
    risk 0.43cvss 6.6epss 0.01

    Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.

  • CVE-2025-32817MedApr 16, 2025
    risk 0.40cvss 6.1epss 0.00

    A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption.

  • CVE-2024-9103MedMar 24, 2025
    risk 0.40cvss 6.1epss 0.00

    Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS. This issue affects Email Security through 8.5.5.

  • CVE-2021-45105MedDec 18, 2021
    risk 0.37cvss 5.9epss 1.00

    Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is…

  • CVE-2025-23007MedJan 30, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation.

  • CVE-2024-45315MedOct 11, 2024
    risk 0.36cvss 5.5epss 0.00

    The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of…

  • CVE-2024-22396MedMar 14, 2024
    risk 0.35cvss 5.3epss 0.01

    An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

  • CVE-2018-5691MedJan 14, 2018
    risk 0.35cvss 5.4epss 0.01

    SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.

  • CVE-2018-5281MedJan 8, 2018
    risk 0.35cvss 5.4epss 0.03

    SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.

  • CVE-2018-5280MedJan 8, 2018
    risk 0.35cvss 5.4epss 0.03

    SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.

  • CVE-2026-0206MedApr 29, 2026
    risk 0.32cvss 4.9epss 0.01

    A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.

  • CVE-2024-12806MedJan 9, 2025
    risk 0.32cvss 4.9epss 0.01

    A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.

  • CVE-2024-22398MedMar 14, 2024
    risk 0.32cvss 4.9epss 0.01

    An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance…

  • CVE-2026-3468MedMar 31, 2026
    risk 0.31cvss 4.8epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute…

  • CVE-2024-53704KEVJan 9, 2025
    risk 0.26cvss epss 0.95

    An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

  • CVE-2021-20038KEVDec 8, 2021
    risk 0.26cvss epss 1.00

    A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v…

  • CVE-2019-7481KEVDec 17, 2019
    risk 0.26cvss epss 1.00

    Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier.

  • CVE-2026-3470LowMar 31, 2026
    risk 0.25cvss 3.8epss 0.00

    A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database.

  • CVE-2021-20021KEVApr 9, 2021
    risk 0.25cvss epss 0.83

    A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

  • CVE-2021-20016KEVFeb 3, 2021
    risk 0.24cvss epss 0.40

    A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.

Page 1 of 5